The EARN IT Act, a controversial bill that has been criticized as a threat to encryption, was approved by a Senate committee on Thursday.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT) passed through the Senate Judiciary Committee and is ostensibly intended to combat child pornography online, but critics say will kill online encryption and stifle free speech on the internet.
The bill amends Section 230 of the Communications Decency Act, which gives internet companies universal liability from suit for conduct on their platforms, by stripping protection when users share child porn on their sites. It is sponsored by Sen. Lindsey Graham (R-S.C.) and Sen. Richard Blumenthal (D-Conn.), with numerous other co-sponsors.
Child pornography has proliferated on the internet in recent years. In February, the New York Times reported that 70 million images had been reported to the National Center for Missing and Exploited Children last year.
If the EARN IT Act passes, companies could be liable if they knowingly allow users to share such content on their sites. It originally removed Section 230 immunity if they were merely “reckless” about allowing such on their platforms.
The previous version allowed companies to keep liability immunity if they adhered to “best practices,” as defined by a commission comprising mostly law enforcement created under the act.
Under an amendment added yesterday by the bill co-sponsors, the bill now opens the door for federal civil and state civil and criminal claims to be made against internet companies based on state laws.
Critics say this could result in a patchwork of regulations of varying standards, as each state is free to define “knowingly,” forcing companies to broadly conduct themselves under the most stringent standard. They also argue that it will make it overly risky for companies to allow certain speech, such as sexual health advice for teenagers, that has an intrinsic value.
Senators on the committee were universal in their praise of the bill’s purpose, though some expressed reservations about such unintended consequences.
In an effort to address concerns about encryption, the version passed today included an amendment by Sen. Patrick Leahy (D-Vt.) barring criminal or civil liability for utilizing encryption or for being unable to decrypt communication on their site.
The bill’s critics were unswayed.
“This deeply flawed bill would give the [Department of Justice] and a panel of unelected mostly law enforcement officials unprecedented power over the Internet,” tweeted Fight for the Future following the bill’s passage.
Emma Llanso, director of the Center for Democracy & Technology, pointed out that, in spite of Graham’s assurances that the bill still provided immunity for companies that adhere to the ill-defined best practices, under yesterday’s amendment, it does not.
“Liability shield is revoked for state laws and federal civil claims, full stop,” Llanso tweeted.
Leahy’s amendment, though welcome, did not relieve all concerns, either.
“Despite the encryption protections the Leahy amendment seeks, it cannot anticipate and guard against all the actions state legislatures could take to restrict and outlaw effective encryption technologies or the measures that skittish general counsels at these companies could take to avoid costly suits,” Free Press Action Senior Policy Counsel Gaurav Laroia said in a statement following its passage.